Popcorn: Paillier Meets Compression For Efficient Oblivious Neural Network Inference

TL;DR

Popcorn is an efficient framework for privacy-preserving neural network inference that combines Paillier homomorphic encryption with neural network compression techniques, achieving reduced communication costs and practical deployment on large datasets.

Contribution

It introduces novel protocols for non-linear layers in homomorphic encryption and leverages compression to improve efficiency, enabling scalable oblivious inference.

Findings

Significant reduction in communication overhead compared to existing methods

Moderate increase in runtime with improved efficiency

First to benchmark on ImageNet for oblivious inference

Abstract

Oblivious inference enables the cloud to provide neural network inference-as-a-service (NN-IaaS), whilst neither disclosing the client data nor revealing the server's model. However, the privacy guarantee under oblivious inference usually comes with a heavy cost of efficiency and accuracy. We propose Popcorn, a concise oblivious inference framework entirely built on the Paillier homomorphic encryption scheme. We design a suite of novel protocols to compute non-linear activation and max-pooling layers. We leverage neural network compression techniques (i.e., neural weights pruning and quantization) to accelerate the inference computation. To implement the Popcorn framework, we only need to replace algebraic operations of existing networks with their corresponding Paillier homomorphic operations, which is extremely friendly for engineering development. We first conduct the performance evaluation and comparison based on the MNIST and CIFAR-10 classification tasks. Compared with existing solutions, Popcorn brings a significant communication overhead deduction, with a moderate runtime increase. Then, we benchmark the performance of oblivious inference on ImageNet. To our best knowledge, this is the first report based on a commercial-level dataset, taking a step towards the deployment to production.